(19) Europäisches Patentamt / European Patent Office / Office européen des brevets

(11) EP 1 944 942 A1

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 16.07.2008 Bulletin 2008/29

(51) Int Cl.: H04L 29/06 (2006.01)

(21) Application number: 07300729.6

(22) Date of filing: 15.01.2007

(84) Designated Contracting States: AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR
Designated Extension States: AL BA HR MK RS

(71) Applicant: Alcatel Lucent, 75008 Paris (FR)

(72) Inventors:
• Clevy, Laurent, 28000 Chartres (FR)
• Marquet, Bertrand, 92350 Le Plessis Robinson (FR)
• Dubus, Samuel, 75014 Paris (FR)

(74) Representative: Schneider, Sandra, Alcatel-Lucent Deutschland AG, Intellectual Property Group, Lorenzstrasse 10, 70435 Stuttgart (DE)

Remarks: Amended claims in accordance with Rule 137(2) EPC.

(54) Method for checking the running configuration of a network equipment and network equipment



(57) The present invention relates to a network equipment (100) comprising a trusted computing environment (110). The trusted computing environment (110) provides isolation to allow some process to run in a complete and separate environment from other processes and to securely store sensitive and confidential data. The invention also relates to a method for checking the running configuration of a network equipment (100). The trusted computing environment (110) comprises first message digests (125, 135), the first message digests (125, 135) being message digests of at least part of code (121) and data (131) of a validated configuration of the network equipment (100). Second message digests are calculated of at least part of code (120) and data (130) of a running configuration of the network equipment (100). Within the trusted computing environment (110) the running configuration of the network equipment (100) is checked using the first message digests (125, 135) and the second message digests.

Description

BACKGROUND OF THE INVENTION 

[0001] The present invention relates to a network equipment comprising a trusted computing environment and a method for checking the running configuration of the network equipment.

[0002] A network equipment with a trusted computing environment is described in the United States Patent Application Publication US 2005/0257047 A1. The trusted computing environment comprises a mechanism to control security functionality of the network equipment, provides secure access to sensitive and confidential data and provides isolation to allow some process to run in a completely separate environment from another process.

[0003] In the European Patent Application EP 1 179 915 A2 a router of a communication network is described which comprises a microprocessor card. At boot time of the router, configuration data is loaded into the router from the microprocessor card.

[0004] In the International Patent Application WO 03/026255 A1 the configuration of a network equipment at boot time is described. Configuration data for the network equipment is loaded at boot time from a small storage device.

[0005] In WO 02/084942 A1 an appliance protector residing within a network component is described, which protects the network component by monitoring processes for a valid signature.

[0006] In WO 94/10778 messages of a client-server communication are authenticated using message digests.

[0007] A Java smart card is an example of a trusted computing environment that is under study at the IETF (The Internet Engineering Task Force) and the smart card forum. The studies include the inclusion of an Internet protocol stack inside such a card. Attacks on communication networks are often focused on the telecommunication infrastructure itself. In an Internet protocol communication network, for example, attacks are often focused on routers. At the same time, more and more communication systems, including communication systems involved in critical infrastructures, e.g. energy, emergency or defense, have converged to the Internet protocol. Most current routers are protected by administrator authentication, for example a login and a password. If the administrator's password is corrupted or has been cracked, the attacker has full control of the network equipment. For example, the configuration can be changed, and this usually cannot be detected by the network management. Gaining such access to network equipment is dangerous. The software embedded in it is complex and should not, in the long term, be secured using software-only solutions. Existing hardware solutions are presently designed, for example, to provide redundancy, e.g. by dual management cards, but they do not check whether the running configuration can be trusted.



[0008] Software tools exist to remotely check a router configuration, but such tools cannot guarantee security if the integrity of the network equipment, e.g. the router, is partly compromised.

OBJECT OF THE INVENTION 

[0009] The object of the invention is to provide a solution to enhance the security of a network equipment, especially a digital network equipment, for example a network equipment in an IP (Internet Protocol) network.

SUMMARY OF THE INVENTION 

[0010] This object and others that appear below are achieved by a network equipment comprising a trusted computing environment according to claim 1 and a method for checking the running configuration of a network equipment according to claim 7.

[0011] According to one aspect of the invention, the invention provides a solution which is able to detect any configuration change of code or data of the running configuration of a network equipment with respect to a validated state of configuration.

[0012] The trusted computing environment (TCE) of this invention comprises a microprocessor card and a secure micro kernel in ROM with an independent clock. The secure micro kernel animates the microprocessor card. This hardware configuration allows the router to check itself: the secure micro kernel can be trusted and used for the check.

[0013] According to an aspect of the invention the router's running configuration is periodically verified by a signature based solution. The check takes place inside hardware that cannot be corrupted or compromised, a trusted computing environment, like the one presented for example in the US Patent Application US 2005/0257047 A1. The network equipment has its integrity protected by hardware methods of the trusted computing environment.

[0014] The running configuration of a network equipment comprises data files and executable code images which are stored on a storage device, e.g. a flash memory. At boot time or dynamically, the code images are loaded into memory and executed and the data is read from the storage device, e.g. the flash memory. The data configuration comprises for example the security configuration or, in the case of an Internet protocol network, the Internet protocol configuration. The code image comprises executable code. Data and code of the running configuration of the network equipment are usually stored on a non-volatile memory. Message digests such as cryptographic checksums or hashes, for example using the algorithms MD5 or SHA-1, can be computed for the whole configuration of the network equipment. Message digests for part of the data and code of the running configuration of the network equipment can also be calculated.
[0015] According to an aspect of the invention the integrity of the running configuration of the network equipment is checked by comparing the running configuration of the network equipment to a predefined, well known and validated configuration. Such a configuration has for example been determined externally before deployment of the network equipment. It is a set of code and data files known to work properly on this hardware configuration of the network equipment. It is also known that this code and data file configuration works well on this network equipment at this place in the communication network.

[0016] According to a preferred embodiment of the invention the known and validated configuration of the network equipment is stored at a location remote from the network equipment. Preferably such a remote location is a trusted configuration server.

[0017] A network equipment according to the invention comprises a trusted computing environment which provides isolation to allow some process to run in a complete and separate environment from other processes and to securely store sensitive and confidential data. The trusted computing environment comprises first message digests which are message digests of at least part of code and data of a validated configuration of the network equipment. The trusted computing environment further comprises means for calculating second message digests of at least part of code and data of the running configuration of the network equipment. The trusted computing environment comprised in the network equipment further comprises means for checking the running configuration of the network equipment by using the first message digests and the second message digests. The second message digests of the running configuration of the network equipment are verified against the first message digests of the validated configuration.
[0018] According to a preferred embodiment of the invention the trusted computing environment comprises cryptographic means for verifying the integrity and origin of the first message digests. The cryptographic means are adapted to verify a digital signature. For the verification of the digital signatures a public key is used which is the corresponding key to a private key with which the digital signatures have been generated. For this an asymmetric encryption algorithm with a public private key pair is used.

[0019] According to a preferred embodiment of the invention the trusted computing environment performs the step of checking the running configuration of the network equipment at regular intervals. The trusted computing environment will regularly verify the first message digests of the valid configuration against second message digests of the files currently used, i.e. currently executed, by the network equipment. The second message digests are, according to one embodiment of the invention, calculated just before comparing them to the first message digests.

[0020] According to a preferred embodiment of the invention the public certificate comprising the public key for decrypting the digital signatures of the first message digests is stored in a protected way inside the trusted computing environment. It has been stored during the deployment of the network equipment and cannot be removed or modified by an attacker.

[0021] According to another embodiment of the invention the network equipment computes the second message digests of the running state of the network equipment at regular intervals. The running state of the network equipment comprises data and code images which have been loaded and used from a storage device, e.g. flash memory. The results are second message digests of a snapshot of the running configuration.
[0022] According to a highly preferred embodiment of the invention the network equipment comprises means for requesting the first message digests from a remote location and means for receiving the first message digests from that remote location. The remote location is preferably a configuration server where the known and validated configuration of the network equipment is stored. In the configuration server the first message digests are preferably also stored and can be transmitted to the network equipment. The first message digests are preferably signed using a private key at the remote location, e.g. the configuration server. The integrity and origin of the first message digests can then be verified in a trusted computing environment of the network equipment. The verification uses the public key corresponding to the private key used at the remote location.
[0023] According to another embodiment of the invention the steps of requesting and receiving these first message digests from the remote location and checking the running configuration of the network equipment are optionally done at regular intervals. The network equipment and the method can be configured to perform the steps of requesting and receiving these first message digests from the remote location and checking the running configuration of the network equipment at regular intervals or not.

[0024] According to another embodiment of the invention the network equipment, particularly the trusted computing environment of the network equipment, is adapted to send at regular intervals a cryptographically signed heartbeat message to the remote location or a second remote location. The cryptographically signed heartbeat message is signed using a private key inside the trusted computing environment. The signature is verified at the remote location or the second remote location using a public key of the trusted computing environment which is comprised within the network equipment.

[0025] According to an aspect of the method for checking the running configuration of a network equipment, the running configuration of the network equipment is verified against a validated configuration of the network equipment by using the first message digests and second message digests. The first message digests are message digests of at least a part of code and data of a validated configuration of the network equipment. The second message digests are message digests of at least part of code and data of a running configuration of the network equipment. The method verifies the set of first message digests of the valid configuration of the network equipment against the message digests of the files currently used and executed by the network equipment. According to a preferred embodiment of the invention the method further comprises the step of cryptographically verifying within the trusted computing environment the integrity and origin of the first message digests. The first message digests are signed by a cryptographic signature. For the cryptographic signatures, preferably an algorithm with a public private key pair is used. The cryptographic signature is checked by the trusted computing environment using a public key. The public key used corresponds to the private key with which the signatures have been generated. The public certificate comprising the public key of the entity having produced the signature is protected inside the trusted computing environment. It has been stored during the deployment of the network equipment and cannot be removed or modified by an attacker.
[0026] According to a preferred embodiment of the invention the step of checking the running configuration of the network equipment is performed at regular intervals. Periodically the second message digests of the running state of the network element are calculated. A running state comprises the data and code images which have been loaded and used from a storage device, e.g. flash memory. The result is a snapshot of the running configuration.

[0027] The running configuration second message digests are then verified against the first message digests.
[0028] According to a preferred embodiment of the invention the first message digests are requested from a remote location and the first message digests are received at the network equipment from said remote location. Preferably the first message digests received from the remote location have been signed at the remote location using a private key. The cryptographic signatures of the first message digests can then be verified using the corresponding public key stored at the trusted computing environment. This allows for cryptographically verifying within the trusted computing environment the integrity and origin of the first message digests received from the remote location. The public certificate comprising the public key is stored in a protected way inside the trusted computing environment and cannot be removed or modified by an attacker.

[0029] According to another embodiment of the invention the steps of requesting and receiving these first message digests are performed at regular intervals. The step of checking the running configuration of the network equipment is also performed at regular intervals. The trusted computing environment regularly computes second message digests of the running state of the network equipment. The result is a snapshot of the running configuration. The running configuration comprises data and code images which have been loaded and used from a storage device, e.g. a flash memory.



[0030] According to another embodiment of the invention a reaction is launched if the check of the running configuration fails. For example, at least an alarm is sent to a network management device.

[0031] According to another embodiment of the invention at regular intervals a cryptographically signed heartbeat message is sent to said remote location, e.g. a configuration server, or to a second remote location, e.g. a security level manager. This can be used as a proof that the verification of the running configuration of the network equipment is still functional. The signature of the heartbeat message is produced using a private key within the trusted computing environment. The signature can then be verified at the remote location or the second remote location using the corresponding public key. According to another embodiment of the invention, said heartbeat message is sent to said remote location, e.g. a configuration server, and to a second remote location, e.g. a security level manager.

[0032] According to a preferred embodiment of the invention the trusted computing environment is a running smart card, preferably equipped with a secure micro kernel.

[0033] According to an embodiment of the invention the network equipment is a router, preferably within a digital communication network. In a preferred embodiment of the invention the digital communication network is an Internet protocol (IP) network.
[0034] According to an embodiment of the invention the first message digests can be stored within the trusted computing environment. For the check of the running configuration of the network equipment those stored first message digests can then be used. According to an embodiment of the invention the first message digests can additionally be requested and received from the remote location. The stored first message digests are then replaced by the received first message digests.
[0035] According to another embodiment of the invention the first message digests are received from the remote location, stored and used for a check of the running configuration only once. For a further check of the running configuration, new first message digests have to be received from the remote location.



[0036] Other characteristics and advantages of the invention will become apparent in the following detailed description of preferred embodiments of the invention illustrated by the accompanying drawings given by way of non-limiting illustrations. The same reference numerals may be used in different drawings to identify the same or similar elements.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 shows a schematic overview of a network equipment and a configuration server,

Figure 2 shows an overview of the configuration check,

Figure 3 shows a network equipment, e.g. a router, and an initial heartbeat message,

Figure 4, Figure 5 and Figure 6 show an overview of a heartbeat message verification.

DETAILED DESCRIPTION OF THE INVENTION 

[0037] Figure 1 shows a network equipment 100, e.g. a router. The network is a communication network, preferably a digital communication network, e.g. an Internet protocol network. The network equipment 100 comprises a trusted computing environment 110, e.g. a running smart card which can be a Java smart card. The trusted computing device offers a secured execution device associated with the network element to perform secured functions. The execution of these functions is isolated and secured from other processes running on the network equipment and therefore these functions cannot easily be compromised by attackers. To achieve improved security one or more generic processors are embedded on the control card, which are associated with standard storage devices such as flash memory cards to store configurations or security elements from management or control operations. A trusted computing environment is for example described in US 2005/0257047 A1. Stored within the trusted computing environment is a public key 210 for verifying cryptographic signatures. Corresponding to the public key 210 is a private key 201. Signatures encrypted using the private key 201 can be verified using the public key 210. The network equipment 100 also comprises code 120 and data 130 of the running configuration of the network equipment.

[0038] Also shown in figure 1 is a remote location 200, preferably a trusted configuration server. The trusted configuration server 200 comprises code 121 and data 131 of a validated configuration of the network equipment 100. It preferably also comprises first message digests 125 of the code 121 of a validated configuration of the network equipment 100 and first message digests 135 of data 131 of a validated configuration of the network equipment 100. The trusted configuration server also comprises a private key 201 to cryptographically sign the first message digests 125 and 135. The cryptographic signature using the private key 201 is done within the means 205 for cryptographically signing the first message digests 125 and 135. The code 121 and data 131 validated for the network equipment 100 is called the valid configuration of the network equipment 100. The validated configuration of the network equipment 100 is signed in the means 205 using the private key 201 of the configuration server 200. At boot time the network equipment 100 loads several binary images into the memory before executing them. The binary images in the memory to be executed are the running configuration of the network equipment 100. A signature can be computed for each of these code 121 and data 131 files. The trusted configuration server 200 is a trusted computing environment, so the private key 201 of the trusted configuration server is in a safe place.

[0039] According to another embodiment of the invention, the network equipment 100 is provided with the validated data 131 and validated code 121 during the deployment of the network equipment 100. After integration verification the network equipment 100 has validated data 131 and validated code 121. It is therefore known within the network equipment 100 what a valid configuration 131 and 121 is.

[0040] In figure 2A the request of the first message digests from the network equipment 100 to the trusted configuration server 200 is shown. On a regular basis the trusted computing environment 110 of the network equipment 100, preferably a router, verifies that the whole network equipment's 100 integrity is intact. The trusted computing environment 110 requests from the trusted configuration server 200 the first message digests 125, 135 of each vital code 121 and data 131 part which is needed for the network equipment's 100 integrity checking.

[0041] Shown in figure 2B is the server answering with the first message digests 125, 135. The first message digests 125 and 135 are cryptographically signed using the private key 201 of the trusted configuration server 200. The network equipment 100 receives the first message digests 125 and 135, which are cryptographically signed.

[0042] Shown in figure 2C is the check of the running configuration of the network equipment 100 by using the first message digests 125 and 135 and the second message digests. Inside the trusted computing environment 110, for each of the vital parts of the running configuration of the network equipment 100, which comprises code 120 and data 130, second message digests are computed. Then the first message digests of those vital parts 120 and 130 are verified against the locally computed second message digests. If one of those comparisons shows that one of the message digests is not valid, it means that a modification has been made to the related part and that the network equipment's integrity is no longer assured.
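The request, answer and check of figures 2A to 2C, which is the same mechanism described in [0017] to [0025], as an added example that is not part of the application: the server digests the validated images and signs the set with private key 201, and the TCE verifies the set with the provisioned public key 210 before comparing it against digests of the running images. Ed25519, SHA-256 (in place of the MD5/SHA-1 named in [0014], which are no longer considered collision resistant) and the JSON payload are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Image is one code (120/121) or data (130/131) file of a configuration.
type Image struct {
	Name    string
	Content []byte
}

// computeDigests is the "means for calculating message digests": one hex
// SHA-256 per image (SHA-256 stands in for the MD5/SHA-1 named in the text).
func computeDigests(images []Image) map[string]string {
	out := make(map[string]string, len(images))
	for _, im := range images {
		sum := sha256.Sum256(im.Content)
		out[im.Name] = hex.EncodeToString(sum[:])
	}
	return out
}

// SignedDigests is the server's answer of figure 2B: the first message digests
// 125/135 as JSON (an assumed wire format) plus a signature by private key 201.
type SignedDigests struct {
	Payload   []byte
	Signature []byte
}

// ConfigServer models the trusted configuration server 200.
type ConfigServer struct {
	priv      ed25519.PrivateKey // private key 201, stays on the server
	validated []Image            // code 121 and data 131
}

// TCE models the trusted computing environment 110 with public key 210
// provisioned at deployment; the network equipment itself cannot change it.
type TCE struct {
	serverPub ed25519.PublicKey
}

// NewDeployment generates key pair 201/210 and installs the public half in the TCE.
func NewDeployment(validated []Image) (*ConfigServer, *TCE, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &ConfigServer{priv: priv, validated: validated}, &TCE{serverPub: pub}, nil
}

// FirstDigests is the server's means 205: digest the validated images and sign
// the canonical (key-sorted) JSON encoding of the result.
func (s *ConfigServer) FirstDigests() (SignedDigests, error) {
	payload, err := json.Marshal(computeDigests(s.validated))
	if err != nil {
		return SignedDigests{}, err
	}
	return SignedDigests{Payload: payload, Signature: ed25519.Sign(s.priv, payload)}, nil
}
var ErrBadSignature = errors.New("first message digests: signature does not verify with key 210")

// CheckRunning is the check of figure 2C: verify origin and integrity of the
// first digests, then compute the second digests of the running images 120/130
// and compare. It returns every vital part whose digest differs or is missing.
func (t *TCE) CheckRunning(ref SignedDigests, running []Image) ([]string, error) {
	if !ed25519.Verify(t.serverPub, ref.Payload, ref.Signature) {
		return nil, ErrBadSignature
	}
	var first map[string]string
	if err := json.Unmarshal(ref.Payload, &first); err != nil {
		return nil, err
	}
	second := computeDigests(running)
	var modified []string
	for name, want := range first {
		if got, ok := second[name]; !ok || got != want {
			modified = append(modified, name)
		}
	}
	sort.Strings(modified)
	return modified, nil
}

func main() {
	// Constructed sample images; a real router would digest its flash images.
	validated := []Image{{"ios.bin", []byte("constructed code image")}, {"startup-config", []byte("constructed data file")}}
	srv, tce, _ := NewDeployment(validated)
	ref, _ := srv.FirstDigests()
	running := []Image{validated[0], {"startup-config", []byte("constructed data file, modified")}}
	modified, err := tce.CheckRunning(ref, running)
	fmt.Println(modified, err) // [startup-config] <nil>
}
```

An empty result means the running configuration matches the validated one; a signature failure is reported before any comparison, so a forged or tampered digest set is never used as a reference.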
[0043] The trusted computing environment 110 is based on the principle that the executable is running independently from the main software of the network equipment 100 and cannot be stopped or altered even using known physical means.

[0044] Examples of algorithms that can be used for calculating the first and second message digests are SHA-1 or MD5 or any other message digest algorithms.

[0045] According to a preferred embodiment of the invention a signed heartbeat message is sent to the configuration server 200 or to another remote location, e.g. a management server, to detect an intentional isolation of the network equipment 100 from the management network. An example of a method for generating heartbeat messages is shown in figures 3 to 6. The trusted computing environment 110 of the network equipment 100 internally generates a unique public key 110 and private key 101 pair. It is used to prevent a malicious attacker from faking the identity of the network equipment 100, which could be used to generate false heartbeat messages. If the network equipment 100 has two trusted computing environments 110, two different public key pairs will be generated. One of them can be used to prevent identity faking. Additionally or alternatively, the two corresponding public keys can be allowed by the remote heartbeat checker. This is especially useful for a router configuration with dual management cards, including TCE cards.
[0046] Figure 3 shows the generation of a first and unique initial heartbeat message 300. The initial heartbeat message makes the public key 111 of the trusted computing environment 110 known to the trusted configuration server 200. The public key 111 could also be made known to the trusted configuration server 200 "offline", before the router deployment. The public key of the trusted computing environment 110 is encrypted using the public key 210 of the configuration management server 200. This assures that only the configuration server 200 will be able to decrypt the public key 111 of the trusted computing environment 110. Shown in figure 4 is the trusted configuration server 200 which has already received the initial heartbeat message 300 comprising the public key 111 of the trusted computing environment 110. The public key 111 has been obtained by decrypting the initial heartbeat message 300 using the private key 201. After that the heartbeat message 310 itself is periodically generated within the trusted computing environment 110 and periodically sent to the configuration server 200. The heartbeat message 310 comprises a signature which has been generated using the private key 101 of the trusted computing environment 110. The heartbeat message 310 also comprises a time stamp to protect the method against replay attacks. The generation of the heartbeat message is shown in figure 5.
[0047] In figure 6 the heartbeat message 310 has been received by the configuration server 200. Using means 315 and the public key 111 the heartbeat message is decrypted. As the private key 101 of the trusted computing environment 110 is protected inside the trusted computing environment 110, it is impossible for an attacker to generate a valid heartbeat message 310.
[0048] The initial heartbeat message 300 additionally comprises a so-called magic value. The magic value is a way to detect that the decryption is successful. The magic value is important to be able to detect a failing decryption, that is, the magic value after decryption is incorrect. The magic value is also important to detect a failing comparison between the reference message digest and the local message digest, an integrity problem. If the magic value is correct at the beginning and the end of the encrypted message, the reference message digests are correct. So if the comparison fails, the only possible reason is that the local message digests are incorrect, i.e. an integrity problem.
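The initial heartbeat 300 with its magic value, the periodic signed heartbeat 310 with its time stamp, and the checks of figures 4 and 6, as an added example that is not part of the application: RSA-OAEP for encrypting public key 111 to key 210, Ed25519 for the heartbeat signature, the magic bytes, the 8-byte time stamp encoding and the strictly increasing time stamp rule are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Magic is a constructed "magic value" framing the plaintext of message 300.
var Magic = []byte("HB01")

// TCE holds the key pair generated inside the trusted computing environment 110.
type TCE struct {
	priv ed25519.PrivateKey // private key 101, never leaves the TCE
	pub  ed25519.PublicKey  // public key 111
}

// Checker models heartbeat verification (figures 4 and 6) at the server 200.
type Checker struct {
	priv     *rsa.PrivateKey   // private key 201; its public half is key 210
	tcePub   ed25519.PublicKey // public key 111, learned from message 300
	lastSeen uint64            // newest accepted time stamp
}

// NewDeployment generates key pairs 101/111 (in the TCE) and 201/210 (at the server).
func NewDeployment() (*TCE, *Checker, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	srvPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &TCE{priv: priv, pub: pub}, &Checker{priv: srvPriv}, nil
}

// InitialHeartbeat builds message 300 (figure 3): Magic || pub 111 || Magic,
// encrypted to the server's public key 210 (RSA-OAEP is the assumed cipher).
func (t *TCE) InitialHeartbeat(serverPub *rsa.PublicKey) ([]byte, error) {
	plain := append(append(append([]byte{}, Magic...), t.pub...), Magic...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, plain, nil)
}

// Heartbeat builds message 310 (figure 5): an 8-byte big-endian time stamp
// followed by the ed25519 signature over it, made with private key 101.
func (t *TCE) Heartbeat(ts uint64) []byte {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint64(msg, ts)
	return append(msg, ed25519.Sign(t.priv, msg)...)
}

var (
	ErrMagic  = errors.New("initial heartbeat: decryption failed or magic value wrong")
	ErrSig    = errors.New("heartbeat: no key 111 known or signature does not verify")
	ErrReplay = errors.New("heartbeat: time stamp not newer than the last accepted one")
)
// AcceptInitial decrypts message 300 with private key 201 and adopts public
// key 111 only when the magic value is intact at both ends of the plaintext.
func (c *Checker) AcceptInitial(msg []byte) error {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, msg, nil)
	n, k := len(Magic), ed25519.PublicKeySize
	if err != nil || len(plain) != 2*n+k ||
		!bytes.Equal(plain[:n], Magic) || !bytes.Equal(plain[n+k:], Magic) {
		return ErrMagic
	}
	c.tcePub = ed25519.PublicKey(append([]byte(nil), plain[n:n+k]...))
	return nil
}

// AcceptHeartbeat verifies message 310 with public key 111 and requires a
// strictly increasing time stamp, so a captured heartbeat cannot be replayed.
func (c *Checker) AcceptHeartbeat(hb []byte) error {
	if c.tcePub == nil || len(hb) != 8+ed25519.SignatureSize {
		return ErrSig
	}
	msg, sig := hb[:8], hb[8:]
	if !ed25519.Verify(c.tcePub, msg, sig) {
		return ErrSig
	}
	ts := binary.BigEndian.Uint64(msg)
	if ts <= c.lastSeen {
		return ErrReplay
	}
	c.lastSeen = ts
	return nil
}

func main() {
	tce, chk, _ := NewDeployment()
	first, _ := tce.InitialHeartbeat(&chk.priv.PublicKey)
	hb := tce.Heartbeat(1000)
	fmt.Println(chk.AcceptInitial(first), chk.AcceptHeartbeat(hb), chk.AcceptHeartbeat(hb)) // <nil> <nil> heartbeat: time stamp not newer than the last accepted one
}
```

The checker keeps only the newest accepted time stamp, so a recorded heartbeat that is resent later is refused even though its signature verifies.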
[0049] In an embodiment of the invention the messages between the network equipment 100 and the configuration server 200 can be combined in one single message per direction. For example the request for first message digests 125 and 135 and the heartbeat message 310 can be combined in a unique message.
[0050] The entity receiving the initial heartbeat message 300 and the heartbeat message 310 can be the configuration server 200, as shown in the example above. It is also possible to send the heartbeat message 310 and the initial heartbeat message 300 to a second remote location which can for example be a management server which is different from the configuration server 200. The management server should then also be a server trusted by the network equipment 100.
[0051] The reaction to a failed integrity check of the network equipment 100 is preferably configurable. Policies can range from less to more aggressive, for example. One possibility is to send an alarm to an alarm server. For this implementation the IP/UDP (Internet Protocol / User Datagram Protocol) stack should be trustworthy: it can either be inside the trusted computing environment 110 or have a valid message digest. Another possibility to react to a failed integrity check could be to reload a validated configuration, e.g. a certified configuration, or a validated binary image, e.g. a certified binary image, from the trusted configuration server 200 using a TLS/SSL (Transport Layer Security / Secure Sockets Layer) or IPsec (Internet Protocol Security) tunnel. The reloaded configuration can then be used for the network equipment 100. If the router has two trusted computing environments 110, one of them can reload the certified configuration while the other one hosts the running configuration.

[0052] This solution delegates the root of trust of the network equipment 100 to hardware via a trusted component 110. Then, periodically and additionally at boot time, the integrity of the network equipment's 100 running configuration, code 120 and data 130 can be verified. In a critical environment this principle can be called "defence in depth": several barriers have to be broken before a system can be corrupted. Having the root password of the network equipment 100 would not be enough to corrupt it. The secret key 111 generated inside the trusted computing environment 110 is only used to sign the heartbeat message 310. A network equipment 100 can therefore have two trusted computing environments 110. This does not inhibit receiving messages, as the secret key within the trusted computing environments 110 is not used for deciphering received messages.
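As an added illustration that is not the patent's own code, the following Python models the check of claim 7 together with the configurable reaction of [0051] and the signed heartbeat 310 of [0052]. All names, keys and sample configuration bytes are constructed assumptions, and HMAC-SHA256 stands in for the signature scheme the patent leaves unspecified.

```python
# Added example; names, keys and sample bytes are constructed assumptions.
import hashlib
import hmac

# Constructed validated configuration: code 121 and data 131.
VALIDATED_CODE = b"router-image-v1"
VALIDATED_DATA = b"interface eth0 up\nacl deny any\n"
# Secret key 111 (constructed), generated inside the trusted computing
# environment 110; per [0052] it is used only to sign heartbeat message 310.
SECRET_KEY_111 = b"constructed-secret-key-111"
# Constructed key authenticating digests sent by the trusted configuration
# server 200 (claim 2: verifying their integrity and origin).
SERVER_KEY_200 = b"constructed-config-server-key"

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def mac(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, "sha256").hexdigest()

def first_message_digests() -> dict:
    """Message from server 200 carrying digests 125 and 135, authenticated."""
    code_125, data_135 = digest(VALIDATED_CODE), digest(VALIDATED_DATA)
    body = f"{code_125}|{data_135}".encode()
    return {"code_125": code_125, "data_135": data_135,
            "mac": mac(SERVER_KEY_200, body)}

def verify_first_digests(msg: dict) -> bool:
    body = f"{msg['code_125']}|{msg['data_135']}".encode()
    return hmac.compare_digest(mac(SERVER_KEY_200, body), msg["mac"])

def heartbeat_310(sequence: int) -> dict:
    """Signed heartbeat; the sequence number lets the receiver spot replays."""
    payload = f"heartbeat:{sequence}".encode()
    return {"payload": payload, "sig": mac(SECRET_KEY_111, payload)}

def verify_heartbeat(hb: dict) -> bool:
    return hmac.compare_digest(mac(SECRET_KEY_111, hb["payload"]), hb["sig"])

def check_running_configuration(code_120: bytes, data_130: bytes, msg: dict,
                                sequence: int, policy: str = "alarm"):
    """Claim 7 steps inside TCE 110; returns (ok, action, heartbeat or None).
    On a failed check `action` is the configurable policy of [0051]."""
    if not verify_first_digests(msg):        # origin/integrity check, claim 2
        return False, "reject-first-digests", None
    ok = (hmac.compare_digest(digest(code_120), msg["code_125"])
          and hmac.compare_digest(digest(data_130), msg["data_135"]))
    if ok:
        return True, "heartbeat", heartbeat_310(sequence)
    return False, policy, None
```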



Claims 

1. Network equipment (100) comprising a trusted computing environment (110), the trusted computing environment (110) providing isolation to allow some process to run in a complete and separate environment from other processes and to securely store data, characterized by the trusted computing environment (110) comprising

first message digests (125, 135) which are message digests of at least part of code (121) and data (131) of a validated configuration of the network equipment (100),

means for calculating second message digests of at least part of code (120) and data (130) of the running configuration of the network equipment (100), and
means for checking the running configuration of the network equipment (100) using the first message digests (125, 135) and the second message digests.

2. Network equipment (100) according to claim 1, further characterized by the trusted computing environment (110) comprising cryptographic means for verifying the integrity and origin of the first message digests (125, 135).

3. Network equipment (100) according to claim 1 or 2, further characterized by said trusted computing environment (110) being adapted to perform at regular intervals the step of checking the running configuration of the network equipment (100).



4. Network equipment (100) according to claim 1, 2 or 3, further characterized by
means for requesting the first message digests (125, 135) from a remote location (200), and
means for receiving the first message digests (125, 135) from said remote location (200).

5. Network equipment (100) according to claim 4, characterized by being adapted to send at regular intervals a cryptographically signed heartbeat message (310) to said remote location (200) and/or a second remote location.

6. Network equipment (100) according to claim 4 or 5, further characterized by being adapted to perform at regular intervals the steps of requesting and receiving said first message digests (125, 135) from said remote location (200) and
said trusted computing environment (110) being adapted to perform at regular intervals the step of checking the running configuration of the network equipment (100).

7. Method for checking the running configuration of a network equipment (100), whereas the network equipment (100) comprises a trusted computing environment (110), the trusted computing environment (110) providing isolation to allow some process to run in a complete and separate environment from other processes and to securely store data, the trusted computing environment (110) comprising first message digests (125, 135), said first message digests (125, 135) being message digests of at least part of code (121) and data (131) of a validated configuration of the network equipment (100), the method comprising the steps of

calculating within said trusted computing environment (110) second message digests of at least part of code (120) and data (130) of a running configuration of the network equipment (100),
checking within the trusted computing environment (110) the running configuration of the network equipment (100) using the first message digests (125, 135) and the second message digests.

8. Method according to claim 7, further comprising the step of cryptographically verifying within the trusted computing environment (110) the integrity and origin of the first message digests (125, 135).

9. Method according to claim 7 or 8, characterized by performing at regular intervals the step of checking the running configuration of the network equipment (100) within the trusted computing environment (110).

10. Method according to claim 7, 8 or 9, further comprising the steps of requesting the first message digests (125, 135) from a remote location (200), and
receiving said first message digests (125, 135) from said remote location (200).

11. Method according to claim 10, further characterized by the step of sending at regular intervals a cryptographically signed heartbeat message (310) to said remote location (200) and/or to a second remote location.

12. Method according to claim 10 or 11, characterized by performing at regular intervals the steps of requesting and receiving said first message digests (125, 135) from said remote location (200) and checking the running configuration of the network equipment (100) within the trusted computing environment (110).



Amended claims in accordance with Rule 137(2) 
EPC. 

1. Network equipment (100) comprising a trusted computing environment (110), the trusted computing environment (110) providing isolation to allow some process to run in a complete and separate environment from other processes and to securely store data, characterized by the trusted computing environment (110) comprising

first message digests (125, 135) which are message digests of at least part of code (121) and data (131) of a validated configuration of the network equipment (100),

means for calculating second message digests of at least part of code (120) and data (130) of a running configuration of the network equipment (100), and
means for checking the running configuration of the network equipment (100) using the first message digests (125, 135) and the second message digests.

2. Network equipment (100) according to claim 1, further characterized by the trusted computing environment (110) comprising cryptographic means for verifying the integrity and origin of the first message digests (125, 135).

3. Network equipment (100) according to claim 1 or 2, further characterized by said trusted computing environment (110) being adapted to perform at regular intervals the step of checking the running configuration of the network equipment (100).

4. Network equipment (100) according to claim 1, 2 or 3, further characterized by
means for requesting the first message digests (125, 135) from a remote location (200), and
means for receiving the first message digests (125, 135) from said remote location (200).

5. Network equipment (100) according to claim 4, characterized by being adapted to send at regular intervals a cryptographically signed heartbeat message (310) to said remote location (200) and/or a second remote location.

6. Network equipment (100) according to claim 4 or 5, further characterized by being adapted to perform at regular intervals the steps of requesting and receiving said first message digests (125, 135) from said remote location (200) and
said trusted computing environment (110) being adapted to perform at regular intervals the step of checking the running configuration of the network equipment (100).

7. Method for checking a running configuration of a network equipment (100), whereas the network equipment (100) comprises a trusted computing environment (110), the trusted computing environment (110) providing isolation to allow some process to run in a complete and separate environment from other processes and to securely store data, the trusted computing environment (110) comprising first message digests (125, 135), said first message digests (125, 135) being message digests of at least part of code (121) and data (131) of a validated configuration of the network equipment (100), the method comprising the steps of

calculating within said trusted computing environment (110) second message digests of at least part of code (120) and data (130) of a running configuration of the network equipment (100),
checking within the trusted computing environment (110) the running configuration of the network equipment (100) using the first message digests (125, 135) and the second message digests.

8. Method according to claim 7, further comprising the step of cryptographically verifying within the trusted computing environment (110) the integrity and origin of the first message digests (125, 135).

9. Method according to claim 7 or 8, characterized by performing at regular intervals the step of checking the running configuration of the network equipment (100) within the trusted computing environment (110).

10. Method according to claim 7, 8 or 9, further comprising the steps of requesting the first message digests (125, 135) from a remote location (200), and
receiving said first message digests (125, 135) from said remote location (200).

11. Method according to claim 10, further characterized by the step of sending at regular intervals a cryptographically signed heartbeat message (310) to said remote location (200) and/or to a second remote location.

12. Method according to claim 10 or 11, characterized by performing at regular intervals the steps of requesting and receiving said first message digests (125, 135) from said remote location (200) and
checking the running configuration of the network equipment (100) within the trusted computing environment (110).
Fig. 1

Fig. 3